4.8
CVE-2024-7133
- EPSS 0.42%
- Veröffentlicht 13.09.2024 06:15:15
- Zuletzt bearbeitet 27.09.2024 21:27:50
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMy Sticky Bar < 2.7.3 - Admin+ Stored XSS
My Sticky Bar <= 2.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
Mögliche Gegenmaßnahme
My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu): Update to version 2.7.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Premio ≫ My Sticky Bar SwPlatformwordpress Version < 2.7.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu)
Version
*-2.7.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.334 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/
https://www.wordfence.com/threat-intel/vulnerabilities/id/996e0bca-70cb-45ab-bb94-b41250e252fc